The AchieVer

New TLS encryption-busting attack also impacts the newer TLS 1.3


Researchers discover yet another Bleichenbacher attack variation (yawn!).



A team of academics has revealed a new cryptographic attack this week that can break encrypted TLS traffic, allowing attackers to intercept and steal data previously considered safe & secure.


This new downgrade attack, which lacks the fancy name most cryptography attacks tend to get, works even against the latest version of the TLS protocol, TLS 1.3, released last spring and considered to be secure.

The new cryptographic attack isn't new, per se. It's yet another variation of the original Bleichenbacher oracle attack.

The original attack was named after Swiss cryptographer Daniel Bleichenbacher, who in 1998 demonstrated a first practical attack against systems using RSA encryption in concert with the PKCS#1 v1 encoding function.

Over the years, cryptographers have come up with variations on the original attack, such as in 2003, 2012, 2012, 2014, 2014, 2014, 2015, 2016 (DROWN), 2017 (ROBOT), and 2018.

The reason for all these attack variations is that the authors of the TLS encryption protocol decided to add countermeasures to make attempts to guess the RSA decryption key harder, instead of replacing the insecure RSA algorithm.


These countermeasures have been defined in Section of the TLS standard (RFC 5246), which many hardware and software vendors across the years have misinterpreted or failed to follow to the letter of the law.


These failures to implement proper mitigations have resulted in many TLS-capable servers, routers, firewalls, VPNs, and coding libraries still being vulnerable to Bleichenbacher attack variations, which found and exploited problems in the incorrect mitigation procedures.
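The RFC 5246 countermeasure the article refers to, shown as an added example that is not taken from the paper or from any of the libraries named below: a textbook PKCS#1 v1.5 unpad, whose early exits are exactly the oracle a Bleichenbacher attack needs, beside one structured the way the standard prescribes (inspect every byte, verify the embedded version, always hand back 48 bytes, random on failure). The function names, the 0x0303 version bytes and the 128-byte modulus size are my own constructed choices.

```python
import os

PMS_LEN = 48  # TLS premaster secret length fixed by RFC 5246

def pad_pkcs1_v15(msg: bytes, k: int) -> bytes:
    """Constructed helper: PKCS#1 v1.5 type-2 padding, 00 02 PS 00 msg, with
    a non-zero random PS so the result is k bytes long (k = RSA modulus size)."""
    ps = bytes(b or 0x01 for b in os.urandom(k - 3 - len(msg)))
    return b"\x00\x02" + ps + b"\x00" + msg

def unpad_naive(em: bytes) -> bytes:
    """Textbook unpadding. Each check bails out at a different point, so the
    server's behaviour (error vs. continue, and the code path taken) depends on
    the attacker-chosen ciphertext: this is the oracle Bleichenbacher needs."""
    if em[:2] != b"\x00\x02":
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:
        raise ValueError("bad padding")
    return em[sep + 1:]

def unpad_rfc5246(em: bytes, client_version: bytes) -> bytes:
    """RFC 5246 section 7.4.7.1 structure: inspect every byte, check the
    embedded protocol version, and always return 48 bytes; on any failure the
    result is a fresh random secret, so the handshake fails uniformly at the
    Finished message. em must be exactly k bytes (the RSA modulus length).
    Only branch-free integer arithmetic is used, but Python itself gives no
    constant-time guarantee, so this shows the structure rather than a
    side-channel-proof implementation."""
    rnd = os.urandom(PMS_LEN)
    sep = len(em) - PMS_LEN - 1      # where the 00 separator must sit
    bad = em[0] | (em[1] ^ 0x02)     # header must be 00 02
    for i in range(2, sep):          # padding bytes must all be non-zero
        bad |= ((em[i] - 1) >> 8) & 1
    bad |= em[sep]                   # separator must be 00
    pms = em[sep + 1:]
    bad |= (pms[0] ^ client_version[0]) | (pms[1] ^ client_version[1])
    mask = (-bad >> 63) & 0xFF       # 0xFF if anything failed, else 0x00
    return bytes((p & ~mask) | (r & mask) for p, r in zip(pms, rnd))
```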

The latest Bleichenbacher attack variation was described in a technical paper published on Wednesday, this week, entitled "The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations."


Seven researchers from all over the world found --yet again-- another way to break RSA PKCS#1 v1.5, the most common RSA configuration used to encrypt TLS connections nowadays. Besides TLS, this new Bleichenbacher attack also works against Google's new QUIC encryption protocol as well.

"The attack leverages a side-channel leak via cache access timings of these implementations in order to break the RSA key exchanges of TLS implementations," researchers said.

Even the newer version of the TLS 1.3 protocol, where RSA usage has been kept to a minimum, can be downgraded in some scenarios to TLS 1.2, where the new Bleichenbacher attack variation works.


"We tested nine different TLS implementations against cache attacks and seven were found to be vulnerable: OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS," researchers said.

Updated versions of all the affected libraries were published concurrently in November 2018, when researchers published an initial draft of their research paper.

For more details, the following CVE identifiers have been assigned to the security bugs enabling this new Bleichenbacher attack: CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870.


The two libraries that were not vulnerable were BearSSL and Google's BoringSSL.



In the security field it is a given that anything developed by man will eventually be hacked by man. The only unknown factor is how long is eventually. There is one thing that has not changed in 79 years, the only secure crypto system (beginning with the German Enigma) is one that is not online, and then there is still the threat of it being captured, as was the Enigma. With the advent of software it has become easier and much more common to have cryptographic systems broken.
